NuytsTech Security

CVE-2012-1617

by ·

Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability can be leveraged to upload arbitrary files.

Date published : 2012-09-25

http://www.securityfocus.com/bid/52336

http://archives.neohapsis.com/archives/bugtraq/2012-03/0024.html

Tags: